Merge branch '3.5' into travis-3.5travis-3.5

author: larryhastings <larry@hastings.org> 2020-06-12 06:07:07 -0400
committer: GitHub <noreply@github.com> 2020-06-12 06:07:07 -0400
commit: b4c34b56aa4da179e5cd1ce9e58ba832db1cda64 (patch)
tree: 49296e3e222a3bc8f7a90939c177c8c3bd881f93 /Misc/NEWS.d
parent: 3ffaa5e3d0f82f3f7571ad12bb9f07364875409b (diff)
parent: 55a6a16a46239a71b635584e532feb8b17ae7fdf (diff)
download: cpython-git-travis-3.5.tar.gz
2 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst b/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst
new file mode 100644
index 0000000000..1f45142d9f
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst
@@ -0,0 +1 @@
+Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller.
diff --git a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
new file mode 100644
index 0000000000..1bf6ed567b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
@@ -0,0 +1 @@
+Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
+\ No newline at end of file
author	larryhastings <larry@hastings.org>	2020-06-12 06:07:07 -0400
committer	GitHub <noreply@github.com>	2020-06-12 06:07:07 -0400
commit	b4c34b56aa4da179e5cd1ce9e58ba832db1cda64 (patch)
tree	49296e3e222a3bc8f7a90939c177c8c3bd881f93 /Misc/NEWS.d
parent	3ffaa5e3d0f82f3f7571ad12bb9f07364875409b (diff)
parent	55a6a16a46239a71b635584e532feb8b17ae7fdf (diff)
download	cpython-git-travis-3.5.tar.gz